From 94bb2d0b3ac9a00d57f0084520f4a047f295e013 Mon Sep 17 00:00:00 2001 From: Joseph Bylund Date: Tue, 7 Mar 2023 18:41:52 -0500 Subject: [PATCH 1/2] Apply some linting rules to oauth.py Signed-off-by: Joseph Bylund --- src/databricks/sql/auth/oauth.py | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/src/databricks/sql/auth/oauth.py b/src/databricks/sql/auth/oauth.py index 0f49aa88f..9f5f5ec25 100644 --- a/src/databricks/sql/auth/oauth.py +++ b/src/databricks/sql/auth/oauth.py @@ -17,6 +17,7 @@ logger = logging.getLogger(__name__) +# pylint: disable=invalid-name class OAuthManager: OIDC_REDIRECTOR_PATH = "oidc" @@ -38,12 +39,12 @@ def __get_redirect_url(redirect_port: int): def __fetch_well_known_config(idp_url: str): known_config_url = f"{idp_url}/.well-known/oauth-authorization-server" try: - response = requests.get(url=known_config_url) + response = requests.get(url=known_config_url, timeout=10) except RequestException as e: logger.error( - f"Unable to fetch OAuth configuration from {idp_url}.\n" + "Unable to fetch OAuth configuration from %s.\n" "Verify it is a valid workspace URL and that OAuth is " - "enabled on this account." + "enabled on this account.", idp_url ) raise e @@ -59,9 +60,9 @@ def __fetch_well_known_config(idp_url: str): return response.json() except requests.exceptions.JSONDecodeError as e: logger.error( - f"Unable to decode OAuth configuration from {idp_url}.\n" + "Unable to decode OAuth configuration from %s.\n" "Verify it is a valid workspace URL and that OAuth is " - "enabled on this account." + "enabled on this account.", idp_url ) raise e @@ -96,24 +97,26 @@ def __get_authorization_code(self, client, auth_url, scope, state, challenge): code_challenge=challenge, code_challenge_method="S256", ) - logger.info(f"Opening {auth_req_uri}") + logger.info("Opening %s", auth_req_uri) webbrowser.open_new(auth_req_uri) logger.info( - f"Listening for OAuth authorization callback at {redirect_url}" + "Listening for OAuth authorization callback at %s", + redirect_url ) httpd.handle_request() self.redirect_port = port break except OSError as e: if e.errno == 48: - logger.info(f"Port {port} is in use") + logger.info("Port %d is in use", port) last_error = e except Exception as e: - logger.error("unexpected error", e) + logger.error("Unexpected error: %s", e, exc_info=True) if self.redirect_port is None: logger.error( - f"Tried all the ports {self.port_range} for oauth redirect, but can't find free port" + "Tried all the ports %s for oauth redirect, but can't find a free port", + self.port_range ) raise last_error @@ -150,7 +153,7 @@ def __send_token_request(token_request_url, data): "Accept": "application/json", "Content-Type": "application/x-www-form-urlencoded", } - response = requests.post(url=token_request_url, data=data, headers=headers) + response = requests.post(url=token_request_url, data=data, headers=headers, timeout=5) return response.json() def __send_refresh_token_request(self, hostname, refresh_token): @@ -206,7 +209,7 @@ def check_and_refresh_access_token( # Try to refresh using the refresh token logger.debug( - f"Attempting to refresh OAuth access token that expired on {expiration_time}" + "Attempting to refresh OAuth access token that expired at %s", expiration_time ) oauth_response = self.__send_refresh_token_request(hostname, refresh_token) fresh_access_token, fresh_refresh_token = self.__get_tokens_from_response( From e2f315a869cb89c042b4f62daade50219aefb25d Mon Sep 17 00:00:00 2001 From: Joseph Bylund Date: Fri, 10 Mar 2023 08:46:50 -0500 Subject: [PATCH 2/2] (joe) re-black --- src/databricks/sql/auth/oauth.py | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/src/databricks/sql/auth/oauth.py b/src/databricks/sql/auth/oauth.py index 9f5f5ec25..c61f8f704 100644 --- a/src/databricks/sql/auth/oauth.py +++ b/src/databricks/sql/auth/oauth.py @@ -19,6 +19,7 @@ # pylint: disable=invalid-name + class OAuthManager: OIDC_REDIRECTOR_PATH = "oidc" @@ -44,7 +45,8 @@ def __fetch_well_known_config(idp_url: str): logger.error( "Unable to fetch OAuth configuration from %s.\n" "Verify it is a valid workspace URL and that OAuth is " - "enabled on this account.", idp_url + "enabled on this account.", + idp_url, ) raise e @@ -62,7 +64,8 @@ def __fetch_well_known_config(idp_url: str): logger.error( "Unable to decode OAuth configuration from %s.\n" "Verify it is a valid workspace URL and that OAuth is " - "enabled on this account.", idp_url + "enabled on this account.", + idp_url, ) raise e @@ -101,8 +104,7 @@ def __get_authorization_code(self, client, auth_url, scope, state, challenge): webbrowser.open_new(auth_req_uri) logger.info( - "Listening for OAuth authorization callback at %s", - redirect_url + "Listening for OAuth authorization callback at %s", redirect_url ) httpd.handle_request() self.redirect_port = port @@ -116,7 +118,7 @@ def __get_authorization_code(self, client, auth_url, scope, state, challenge): if self.redirect_port is None: logger.error( "Tried all the ports %s for oauth redirect, but can't find a free port", - self.port_range + self.port_range, ) raise last_error @@ -153,7 +155,9 @@ def __send_token_request(token_request_url, data): "Accept": "application/json", "Content-Type": "application/x-www-form-urlencoded", } - response = requests.post(url=token_request_url, data=data, headers=headers, timeout=5) + response = requests.post( + url=token_request_url, data=data, headers=headers, timeout=5 + ) return response.json() def __send_refresh_token_request(self, hostname, refresh_token): @@ -209,7 +213,8 @@ def check_and_refresh_access_token( # Try to refresh using the refresh token logger.debug( - "Attempting to refresh OAuth access token that expired at %s", expiration_time + "Attempting to refresh OAuth access token that expired at %s", + expiration_time, ) oauth_response = self.__send_refresh_token_request(hostname, refresh_token) fresh_access_token, fresh_refresh_token = self.__get_tokens_from_response(